Impact: Processing maliciously crafted web content may result in the disclosure of process memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-6237: G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team
CVE-2019-8571: 01 working with Trend Micro's Zero Day Initiative
CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech
CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative
CVE-2019-8586: an anonymous researcher
CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab
CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative
CVE-2019-8596: Wen Xu of SSLab at Georgia Tech
CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative
CVE-2019-8601: Fluoroacetate working with Trend Micro's Zero Day Initiative
CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8609: Wen Xu of SSLab, Georgia Tech
CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative
CVE-2019-8611: Samuel Groß of Google Project Zero
CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative
CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab
CVE-2019-8622: Samuel Groß of Google Project Zero
CVE-2019-8623: Samuel Groß of Google Project Zero
CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab

We would like to acknowledge Michael Ball of Gradescope by Turnitin for their assistance.

Safari 12.1 Release Notes

Safari 12.1 ships with iOS 12.2 and macOS 10.14.4. It’s also available for macOS 10.13.6 and 10.12.6. New features of Safari 12.1 include:

Dark Mode for the Web. The ability to enable color scheme customizations for websites while in Dark Mode.

Intelligent Tracking Prevention. New permission requirements for third-party cookies and new limits for long-term tracking.

General

Updated the push notification prompt for Safari on macOS to require a user gesture.

Updated the behavior of websites saved to the home screen on iOS to pause in the background instead of relaunching each time.

Password AutoFill

Updated Password AutoFill to sign in automatically to websites after filling in the credentials.

Security and Privacy

Added warnings displayed to the user when loading insecure pages in both Safari and in SFSafariViewController.

Added support for the Intersection Observer API, which detects the intersection of visible elements relative to other elements. Elements include the viewport of the top-level document.

Added support for the Web Share API to invoke the native share dialog provided by the system.

Added support for <input type="color">.

Added support for the <datalist> element.

Payment Request API

Added support for granular errors.

Added support in Wallet & Apple Pay preferences for using the default contact information for the shipping address, email, and phone. On iOS, set preferences in the Transaction Defaults category in Settings > Wallet & Apple Pay. On Mac, set preferences in System Preferences > Wallet & Apple Pay > Contacts and Shipping.

Added support for the default addresses and contacts configured in Contacts and Shipping in the Wallet system preferences on iOS and macOS.

Added support for special fields for Japan including phoneticName, subLocality, and subAdministrativeArea.

CSS and Text

Added support for the CSS media queries prefers-color-scheme: light and prefers-color-scheme: dark.

Added support for CSS rules to customize text decorations like underlines and dashed underlines.

Added support for new rgb() color functions from the CSS Color 4 specification.

Media

Added support for H.264 simulcast and VP8 in WebRTC to improve support for multi-party video conferencing.